[CERT-daily] Tageszusammenfassung - 26.09.2023

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 25-09-2023 18:00 − Dienstag 26-09-2023 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ A new spin on the ZeroFont phishing technique, (Tue, Sep 26th) ∗∗∗
---------------------------------------------
Last week, I came across an interesting phishing e-mail, in which a text written in a font with zero-pixel size was used in quite a novel way.
---------------------------------------------
https://isc.sans.edu/diary/rss/30248


∗∗∗ Analysis of CVE-2023-38831 Zero-Day vulnerability in WinRAR ∗∗∗
---------------------------------------------
A remote code execution when the user attempts to view a benign file within a ZIP archive. The issue occurs because a) ZIP archive may include a benign file such as an ordinary .JPG file and also a folder that has the same name as the benign file, and the contents of the folder which may include executable content are processed during an attempt to access only the benign file.
---------------------------------------------
https://blog.securelayer7.net/analysis-of-cve-2023-38831-zero-day-vulnerability-in-winrar/


∗∗∗ Xenomorph Malware Strikes Again: Over 30+ US Banks Now Targeted ∗∗∗
---------------------------------------------
>From what was observed in previous cases, we were able to clearly identify a distribution campaign, using phishing webpages to trick victims into installing malicious APKs, which feature a larger list of targets compared to its previous versions.
---------------------------------------------
https://www.threatfabric.com/blogs/xenomorph


∗∗∗ PGP-verschlüsselte E-Mails mit macOS 14: GPGTools warnt vor schnellem Upgrade ∗∗∗
---------------------------------------------
macOS 14 sägt Mail-Plug-ins ab, bewährte Tools wie GPG funktionieren deshalb nicht mehr. GPGTools stellt aber eine neue Extension für Apple Mail in Aussicht.
---------------------------------------------
https://www.heise.de/-9318030


∗∗∗ Vorsicht, wenn PCM Marketing anruft ∗∗∗
---------------------------------------------
Unternehmen werden im Moment häufig von der Marketing-Agentur „PCM Marketing“ angerufen und an eine Kündigung eines Abos erinnert. Bei Nichtkündigung kommt es angeblich zu hohen Kosten. Nach dem Telefonat erhalten Sie ein E-Mail mit einer ausgefüllten Vorlage, die Sie unterschreiben und zurückschicken sollen. Achtung: Unterschreiben Sie nicht, Sie werden in ein teures Abo gelockt!
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-wenn-pcm-marketing-anruft/


∗∗∗ Fortifying your wireless network: A comprehensive guide to defend against wireless attacks ∗∗∗
---------------------------------------------
In this in-depth blog, we will delve into the technical intricacies of safeguarding your network against wireless threats. Armed with this knowledge, you can confidently defend your wireless infrastructure against potential attackers.
---------------------------------------------
https://cybersecurity.att.com/blogs/security-essentials/fortifying-your-wireless-network-a-comprehensive-guide-to-defend-against-wireless-attacks



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Xen Security Advisory CVE-2023-20588 / XSA-439 ∗∗∗
---------------------------------------------
Version 1 accidentally linked to the wrong AMD bulletin.  This has been corrected in v2.  All other information in v1 is believed to be correct. | Impact: An attacker might be able to infer data from a different execution context on the same CPU core.
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-439.html


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (exempi, glib2.0, lldpd, and netatalk), Fedora (curl, libppd, and linux-firmware), Oracle (kernel), and SUSE (Cadence, frr, modsecurity, python-CairoSVG, python-GitPython, and tcpreplay).
---------------------------------------------
https://lwn.net/Articles/945559/


∗∗∗ Firefox 118 und 115.3 ESR freigegeben ∗∗∗
---------------------------------------------
Zum 26. September 2023 haben die Mozilla-Entwickler den neuen Firefox 118 sowie das Wartungsupdate des Firefox 115.3 ESR veröffentlicht. Mit den Updates wurden einige Schwachstellen geschlossen.
---------------------------------------------
https://www.borncity.com/blog/2023/09/26/firefox-118-115-3-freigegeben/


∗∗∗ Suprema BioStar 2 ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-269-01


∗∗∗ Advantech EKI-1524-CE series ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-269-04


∗∗∗ Hitachi Energy Asset Suite 9 ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-269-02


∗∗∗ Baker Hughes Bently Nevada 3500 ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-269-05


∗∗∗ Mitsubishi Electric FA Engineering Software ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-269-03


∗∗∗ IBM Storage Protect Server is susceptible to numerous vulnerabilities due to Golang Go (CVE-2023-29402, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405, CVE-2023-29406, CVE-2023-29400, CVE-2023-24540, CVE-2023-24539, X-Force 250518) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7038772


∗∗∗ Vulnerability with kernel , OpenJDK jna-platform affect IBM Cloud Object Storage Systems (Sept2023) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7038968


∗∗∗ Vulnerability with bcprov-jdk affect IBM Cloud Object Storage Systems (Sept2023) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7038966


∗∗∗ Vulnerability with Python affect IBM Cloud Object Storage Systems (Sept2023v2) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7038969


∗∗∗ IBM InfoSphere Information Server is vulnerable to OS command injection (CVE-2022-35717) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7038982


∗∗∗ IBM Sterling Global Mailbox is vulnerable to privilege escalation attack due to Apache Cassandra ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7039222


∗∗∗ Multiple vulnerabilities in IBM SDK for Node.js and packaged modules affect IBM Business Automation Workflow Configuration Editor ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7039262


∗∗∗ Multiple security vulnerabilities affecting Watson Knowledge Catalog for IBM Cloud Pak for Data ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7039367

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily